Field Visibility

[cansoysal]

Hi,
I'm trying to change field visibility depending user's access-role. In Keystone Classic(v4) there are "hidden" and "noedit" properties. Seems like they are missing in V5.

[gautamsi]

you can use access control, if user read access is denied, they can not see this in admin-ui

[cansoysal]

Ok, If I set field's access: false, it doesn't show up. But if a set it as below, It show up in entry list as 'error'. Create button is present too btw.

product.js

...
store: {
      access: {
        read: access.userIsAdmin,
        update: access.userIsAdmin,
        create: access.userIsAdmin,
        delete: access.userIsAdmin,
        // auth: true,
      },
      type: Relationship,
      ref: 'Store',
    },

store.js

const Store = {
  access: {
    read: access.userIsAdmin,
    update: access.userIsAdmin,
    create: access.userIsAdmin,
    delete: access.userIsAdmin,
  },

access.js

const userIsAdmin = ({ authentication: { item: user } }) => Boolean(user && user.isAdmin);

[justintemps]

@cansoysal did you ever get any clarity on this?

[gautamsi]

I have a PR which shows read only fields in the UI as disabled fields. #2258

this is only in the admin-ui, the graphql endpoint has to be protected with access control.

if you use a function in access control then this is going to be treated as "maybe true" in admin-ui and let access control protect you

[justintemps]

But then if it's false, I can't access it from graphql either, can I?

[gautamsi]

if it is false you can not use it in GraphQL. maybe true means it does !!function(){} which is true so you see them in admin-ui.

I believe you still see them in GraphQL which evaluates in the backend and eventually deny based on access control.

[Sylchi]

I need to hide some fields and even lists from admin ui, but still would like to use them in graphql. Example -> virtual fields that compute values from user input.

[gautamsi]

I dont think that is possible. it is not hard to implement but have not seen this (or similar requests) on priority list for this repo.

you might want to fork admin ui to do the same. another caveat for that is you will need to form more packages to pass down configurable info.

if #2314 makes it way in, then it is only forking the admin-ui. I even have plan to publish my fork of admin ui with more customisability.

[Fabyao]

@gautamsi Thanks for the clarifications. I am also in the same situation as @Sylchi where I need to hide certain fields and lists from the Admin UI. This is to limit the amount of information the user administering the CMS sees.

[Sylchi]

As far as I know this function has been available in the keystonejs in the earlier versions and has been omitted in the version 5. I guess this has just not been implemented. To me it seems like a core functionality that should be in the main repo.

Use case is where the fields are necessary to be accessable from the api, but are cluttering the admin UI.

[MadeByMike]

We've now added readOnly fields: #2258